[pass] totp enhancement
Alexandre Pujol
alexandre at pujol.io
Wed Aug 5 15:57:14 CEST 2015
Hi,
Maybe I'm wrong, but in my opinion it is a mistake to use a password
manager in order to store OTP secrets.
The aim of an TFA is to increase the auth security requiring the
combination of two different components. For instance something you know
(a password) and something you've got (a key, a OTP generated on your
mobile or on a security device...).
Therefore if you store your OTP secrets in the same place than all your
passwords it makes the whole thing pointless.
Regards,
Alex
On 05/08/15 12:50, admin wrote:
> Hello,
> I'm apologize for my poor english and my bad code... But I tried to
> add a functionality to allow password-store to generate a time otp.
> It's very useful for websites requesting a 2FA totp like google or
> github. See my fork of the master github password-store :
> https://github.com/Gambiit/password-store
> Thanks a lot for password-store, Best regards :)
>
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20150805/ae193a97/attachment.html>
More information about the Password-Store
mailing list